Can you imagine an Internet provider offering you lifetime access for just $5? Not a month, mind you. Just a one-time payment of $5 and nothing more, ever. Of course you can’t, because no ISP is ever going to do that. On the Dark Web, however, you can find someone who will gladly get you connected.
These sellers are offering Internet access via a real big-name ISP, no less. Hand over just $5 worth of Bitcoin and they’ll hook you up with access to Comcast’s Xfinity Wifi network. How can they offer lifetime access for the price of a couple coffees? By selling access to compromised accounts.
Like many ISPs, Comcast offers its customers free access to a nationwide network of Wifi hotspots. Chances are good that you live near at least one. To be clear, these are not Comcast customers’ personal Wifi networks. This is the company’s own network, which launched in 2014 and operates independently of Comcast user’s Internet connections.
Where did they get the credentials? Comcast did suffer a breach in 2015 in which the passwords of around 590,000 of its customers were accidentally exposed. Fewer than half those accounts were actually current, however, and Comcast immediately reset all affected passwords.
These Dark Web vendors may be capitalizing on email address and passwords that have been exposed in other breaches. Password re-use is still rampant today, despite repeated warnings from security experts. If a Comcast email address and password pair popped up in another massive dump of credentials, there’s a decent chance it might just grant access to the Xfinity Wifi network.
Is This Legal?
There might be some gray area here, but the short version is probably not. At the very least, you’d be using someone else’s credentials without authorization and accessing a private network that belongs to Comcast without their permission. Depending on what state you live in any kind of “piggybacking” (jumping on a wireless network that isn’t yours without being granted permission) is considered illegal.